Hello Openssl users, Need pointers on how to use ECDSA vs RSA certificates. When our device acting as TLS server, we have support for both ECDSA and RSA based certificates. At first, we need to feed a certificate for the TLS server to accept the connections. >From the code, having a feel that, if we feed ECDSA based certificates, ECDSA based ciphers only get selected by server. But, what if client doesn't have a cipher matched with ECDSA? Does server choose RSA based cipher or because the certificate we fed is holding ECDSA signature, will it respond with "no shared cipher"? Is there a way we can feed multiple certificates i.e. one with ECDSA and other with RSA to TLS server during SSL_CTX initialization? Or Once Client hello is received, after examining client supported ciphers, do we need to feed respective (i.e. ECDSA/RSA) certificate? Thanks, Rajeswari. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160622/399fb492/attachment.html>
